True, reading a file shouldn't require an exclusive lock. Theexclusive lock is taken to prevent the file from changing while thefile hash is being calculated.

> But regardless, it needs *explanation*.

Agreed. A fuller explanation was included in the cover letter thatshould have also been included in the patch description. Thefollowing is taken from the cover letter:

With the introduction of IMA-appraisal and the need to write filehashes as security xattrs, IMA needed to take the global i_mutexlock. process_measurement() took the iint->mutex first and thenthe i_mutex, while setxattr, chmod and chown took the locks inreverse order. To resolve this potential deadlock, the iint->mutexwas removed.

Some filesystems have recently replaced their filesystem dependentlock with the global i_rwsem (formerly the i_mutex) to read a file.As a result, when IMA attempts to calculate the file hash, readingthe file attempts to take the i_rwsem again.

To resolve this locking problem, this patch set defines a new->integrity_read file operation method.